Datasheet
Table Of Contents
- Cisco Catalyst 3560-E Series Switches
- Cisco Catalyst 3560-E Series Primary Features
- Switch Configurations
- Cisco Catalyst 3560-E Series Fixed Configuration Aggregation Switches
- Cisco Catalyst 3560-E Software
- Cisco EnergyWise Technology
- 10 Gigabit Ethernet Uplinks and the Cisco TwinGig Small Form-Factor Pluggable Converter
- Primary Features and Benefits
- Ease of Use: Deployment
- Availability and Scalability
- High-Performance IP Routing
- Superior Quality of Service
- Advanced Security
- Intelligent Power over Ethernet (PoE) Management
- Management and Control Features
- Network Management Tools
- Cisco Network Assistant
- CiscoWorks LAN Management Solution (LMS)
- Cisco Catalyst 3560 SFP Interconnect Cable
- Product Specifications
- Hardware Warranty
- Cisco Services for Access Switching
- Ordering Information
- For More Information
Data Sheet
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 8 of 23
Advanced Security
The Cisco Catalyst 3560-E Series supports a comprehensive set of security features for
connectivity and access control, including ACLs, authentication, port-level security, and identity-
based network services with 802.1x and extensions. This set of comprehensive features not only
helps prevent external attacks, but defends the network against “man-in-the-middle” attacks, a
primary concern in today’s business environment. The switch also supports the Network
Admission Control (NAC) security framework.
●
DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out
invalid addresses. This feature is used by other primary security features to prevent a
number of other attacks such as ARP poisoning.
●
Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users
from exploiting the insecure nature of the ARP protocol.
●
IP source guard prevents a malicious user from spoofing or taking over another user’s IP
address by creating a binding table between the client’s IP and MAC address, port, and
VLAN.
●
Private VLANs restrict traffic between hosts in a common segment by segregating traffic at
Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
●
Private VLAN Edge provides security and isolation between switch ports, which helps
ensure that users cannot snoop on other users’ traffic.
●
Unicast RPF feature helps mitigate problems caused by the introduction of malformed or
forged (spoofed) IP source addresses into a network by discarding IP packets that lack a
verifiable IP source address.
●
IEEE 802.1x allows dynamic, port-based security, providing user authentication.
●
IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user
regardless of where the user is connected.
●
IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of
the authorized or unauthorized state of the port.
●
IEEE 802.1x and port security are provided to authenticate the port and manage network
access for all MAC addresses, including that of the client.
●
IEEE 802.1x with an ACL assignment allows for specific identity-based security policies
regardless of where the user is connected.
●
IEEE 802.1x with guest VLAN allows guests without 802.1x clients to have limited network
access on the guest VLAN.
●
Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based
browser for authentication.
●
Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same
switch port while placing them on appropriate voice and data VLANs.
●
MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x
supplicant to get authenticated using their MAC address.
●
Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being
bridged within VLANs.
●
Cisco standard and extended IP security router ACLs define security policies on routed
interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6
traffic.